Opened 2 months ago

Closed 2 months ago

#32128 closed task (fixed)

Point DNS for snowflake-broker.torproject.net at the new broker set up in #29258

Reported by: dcf Owned by: anarcat
Priority: Medium Milestone:
Component: Internal Services/Tor Sysadmin Team Version:
Severity: Normal Keywords: snowflake
Cc: cohosh, arlolra, phw Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Please point the DNS name snowflake-broker.torproject.net at the two IP addresses:

37.218.245.111
2a00:c6c0:0:154:4:d8aa:b4e6:c89f

There is a PGP-signed statement of those addresses at https://lists.torproject.org/pipermail/anti-censorship-team/2019-October/000040.html.

In comment:11:ticket:29258, we set up a new Snowflake broker that has an IPv6 address. At today's anti-censorship meeting we decided to test it by first pointing the (currently unused) snowflake-broker.torproject.net DNS at it.

17:07:37 <dcf1> I've set up a new broker and documented the installation instructions.
17:07:54 <dcf1> https://trac.torproject.org/projects/tor/ticket/29258#comment:11
17:08:20 <dcf1> Figners crossed, I think all that's needed to start using it is to update some DNS records.
17:08:36 <dcf1> But perhpas we should do a smaller-scale test first.
17:09:41 <dcf1> One option is we give the new broker a hostname different than the snowflake-broker ones already in use; that way we can test it ourselves.
17:09:59 <cohosh> we have 3 different broker domains already
17:10:02 <dcf1> Another option is to only set up AAAA records now, so that IPv4 traffic goes to the old broker and IPv6 traffic goes to the new.
17:10:05 <cohosh> bamsoftware, freehaven, and tp.net
17:10:25 <dcf1> Yeah and freehaven is a CNAME to bamsoftware, so really we only need to update bamsoftware and torproject.
17:10:39 <cohosh> we could switch tp.net first and test with that
17:10:54 <cohosh> since freehaven/bamsoftware is the deployed one
17:11:04 <cohosh> we haven't deployed tp.net in the client or proxies yet
17:11:24 <dcf1> Yeah I guess you're right.
17:11:24 <cohosh> due to concerns that some places (like the UK) are good places for proxies but may block tor project domains
17:11:54 <dcf1> And I guess that snowflake-broker.azureedge.net still points to the bamsoftware one, though I would have to check to be sure.
17:12:19 <dcf1> Okay, that's a good idea cohosh. We need to ask someone to update the torproject.net names to the IP addresses mentioned in the ticket.
17:13:14 <dcf1> Then we ourselves can test using the client with `-url https://snowflake-broker.torproject.net/' and proxy-go with `-broker https://snowflake-broker.torproject.net/`

anarcat originally set up the snowflake-broker.torproject.net domain at comment:13:ticket:31232.

Child Tickets

Change History (2)

comment:1 Changed 2 months ago by anarcat

Owner: changed from tpa to anarcat
Status: newassigned

checked sig, checks out

comment:2 Changed 2 months ago by anarcat

Resolution: fixed
Status: assignedclosed

done in dns/domains repo in commit 57dc8c0

Note: See TracTickets for help on using tickets.